Close

Apps du Marketplace : comment assurer la confiance ?

Confiance, sécurité, fiabilité et confidentialité constituent les piliers de la relation entre les clients Atlassian et nos Marketplace Partners tiers.

Venn Diagram spot

Cloud apps are a shared responsibility

Atlassian provides information, controls and capabilities, while facilitating communication between you and Marketplace Partners.

Marketplace Partners

Marketplace partners design apps and operational processes according to their legal obligations, Atlassian’s requirements, and general industry best practices for reliable, compliant, and secure apps. They also provide support and information to help you make informed decisions.

Atlassian

Atlassian provides information and capabilities to help Marketplace Partners build trustworthy apps and to help customers vet and manage apps.

You

You leverage the information provided by Atlassian and Marketplace Partners to vet apps against your requirements. It’s important to acknowledge that app installation requires a new relationship with a Marketplace Partner that is separate from your relationship with Atlassian.

Atlassian’s approach to supporting customers and partners

Data protection support for Marketplace Partners

Atlassian has programs, tools, educational resources, and requirements in place to help third parties protect your data when you extend your workflows with Marketplace apps.

In the event that partners aren't meeting our requirements, we may take actions like removing badges, hiding apps from the Marketplace, pausing them, or adding them to a public transparency page.

Setting a privacy & security baseline

Our Marketplace programs help Marketplace Partners achieve the highest consistent standards for application security and privacy.

Cloud Security spot

Setting a security baseline with requirements

Atlassian has defined a minimum set of Cloud App Security requirements that all Marketplace apps must meet. These requirements are mandatory and are aimed at enforcing security best practices across all apps.

Code review illustration

Maintaining security through continuous scanning

Atlassian’s Ecoscanner platform performs security checks across all Marketplace cloud apps on an ongoing basis to help ensure the security of our ecosystem.

If an app is found to be missing a security requirement, Atlassian will take action to protect customers.

Bug logo

Timely resolution of security issues

To ensure the security of all Marketplace cloud apps, Marketplace Partners are required to adhere to security bug fix SLAs. If a vulnerability or missing security requirement is detected in any app listed on the Marketplace, partners are required to respond in a timely manner.

Bugcroud logo

Enhanced vulnerability discovery via opt-in Bug Bounty program

Atlassian has a best-in-class marketplace bug bounty program to increase security and trust. Participating Marketplace Partners are able to proactively combat security risks before they arise by incentivizing security researchers to find vulnerabilities. While the program is generally optional, apps must participate to get a Cloud Fortified or Cloud Security Participant badge.

Security Practices spot

Ensuring transparency through privacy requirements

Apps are required to provide a privacy policy that outlines data access, collection and processing, and with whom and where End User Data might be shared or stored.

In addition to a privacy policy, Atlassian requires partners to obtain all necessary rights, permissions, and consents from end users for any processing of any End User Data.

Administrative visibility & control for customers

Get the information you need to choose apps that fit your requirements thanks to centralized app information on Atlassian Marketplace.

Plus, leverage controls to ensure only apps you trust have access to the data they need.

We support this through:
Checkmark icon

Centralized app administration in admin.atlassian.com

Checkmark icon

Controls for end user app installs

Checkmark icon

Controls to limit app access to selected content (coming soon)

Checkmark icon

Privacy & Security tab on Atlassian Marketplace

Checkmark icon

Required privacy policies on each Marketplace app listing

Helping you safely power-up your workspace with apps

In addition to trust badges, we’re constantly working with partners to bring you more app information on admin.atlassian.com and the Marketplace. To learn more about an app before installing, you can:

step 1

Start with the Privacy & Security tab on the app’s listing.

This should include partner-provided information about how an app handles data, its permissions, compliance certifications, security details, privacy information and more.

step 2

Visit the app’s privacy policy.

Partners are required to provide a privacy policy that details their app’s data access and use on their Marketplace app listing. If you can’t find what you need on the Privacy & Security tab, try the privacy policy or documentation.

step 3

Check the partner’s website.

Some partners have their own comprehensive trust centers, which can provide detailed information about the company and app.

step 4

Reach out to the partner directly.

You can find support contacts on the app listing, but this may not always be the right contact for security questions. Check the security contact listed directly on the Privacy & Security tab to save time.

step 5

Sign up for new version updates.

Or check the Connected Apps tab on admin.atlassian.com for apps with an update available so you can stay up to date on app changes.

Programmes dédiés à la confiance pour le Marketplace

Les signaux de confiance du Marketplace sont là pour vous aider à identifier facilement les apps qui vont au-delà des standards généraux d'Atlassian afin d'offrir une expérience Cloud incroyablement sûre et fiable.

The requirements for each badge are as follows:

 

 

Toutes les apps Cloud

Participant au programme Cloud Security

Cloud Fortified

Confidentialité

Politique de confidentialité applicable aux apps

Toutes les apps Cloud

Participant au programme Cloud Security

Cloud Fortified

Sécurité

Exigences de sécurité applicables aux apps Cloud de base

Toutes les apps Cloud

Participant au programme Cloud Security

Cloud Fortified

Surveillance par la plateforme d'analyse des vulnérabilités des apps d'Atlassian, Ecoscanner

Toutes les apps Cloud

Participant au programme Cloud Security

Cloud Fortified

Exigences supplémentaires en matière de sécurité des apps et de délais de résolution définis par Atlassian

Toutes les apps Cloud

Participant au programme Cloud Security

Cloud Fortified

Participation au programme Bug Bounty pour le Marketplace**

All Cloud apps

 

Participant au programme Cloud Security

Cloud Fortified

Dispose d'un onglet « Confidentialité et sécurité » complet

Toutes les apps Cloud

(optionnel)

Participant au programme Cloud Security

(optionnel)

Cloud Fortified

Fiabilité

Contrôles supplémentaires pour la fiabilité et les performances du service à grande échelle

All Cloud apps

 

Cloud Security Participant apps

 

Cloud Fortified

Processus d'incident et de revue intégrés à Atlassian à des fins de récupération plus rapide et d'amélioration continue

All Cloud apps

 

Cloud Security Participant apps

 

Cloud Fortified

Support

Efforts commercialement raisonnables pour fournir du support

Toutes les apps Cloud

Participant au programme Cloud Security

Cloud Fortified

SLA avec délai de réponse de 24 heures, 5 jours par semaine pour tous les tickets T1**

All Cloud apps

 

Cloud Security Participant apps

 

Cloud Fortified

Communauté Confiance et sécurité

Rejoignez le groupe Confiance et sécurité de la communauté Atlassian pour recevoir directement les conseils de notre équipe de sécurité et pour partager des informations, des conseils et des bonnes pratiques d'utilisation des produits Atlassian de manière sécurisée et fiable.